No valid IP addresses found for my domain

I’m facing issues in generating Letsencrypt SSL certificates for a domain mapped to a private address. (192.168.19.15)

My domain is: elk.internal.mindcurv.com and its a public domain (Verified from https://dnschecker.org/#A/elk.internal.mindcurv.com)

jerald@jeraldsm:~$ nslookup elk.internal.mindcurv.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: elk.internal.mindcurv.com
Address: 192.168.19.15

I ran this command for generating SSL certificate:
./letsencrypt-auto certonly --standalone -d elk.internal.mindcurv.com

It produced the following output:

[root@elk-slreport letsencrypt]# ./letsencrypt-auto certonly --standalone -d elk.internal.mindcurv.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for elk.internal.mindcurv.com
Waiting for verification…
Challenge failed for domain elk.internal.mindcurv.com
http-01 challenge for elk.internal.mindcurv.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

I have also tried using the command “cerbot --apache”. This one also failed with similar error:

[root@elk-slreport ~]# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?


1: elk.internal.mindcurv.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for elk.internal.mindcurv.com
Waiting for verification…
Challenge failed for domain elk.internal.mindcurv.com
http-01 challenge for elk.internal.mindcurv.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The operating system my web server runs on is (include version): CentOS Linux release 7.7.1908 (Core)

My hosting provider, if applicable, is: Apache/2.4.6

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.39.0

Is it possible to issue a certificate for private IP address ?
Thanks in advance!.

This isn’t going to be possible without using DNS validation to obtain the cert.

2 Likes

As an alternative, if you like split-horizon DNS, you could potentially set something up where elk.internal.mindcurv.com has a routable IP in the external view. E.g. the machine’s own IP, or another machine running a reverse proxy web server…

I’m not endorsing it, just saying you have options. Increasingly complicated and customized options.